In a digital signature scheme, each user U chooses a signing key SKu and a matching verification key PKu. User U uses SKu to easily compute his digital signature of a message m, SIGu(m), while anyone knowing that PKu is U's public key can verify that SIGu(m) is U's signature of m. Computing the signature SIGu(m) without knowing SKu is practically impossible. On the other hand, knowledge of PKu does not give any practical advantage in computing SKu. For this reason, it is in U's interest to keep SKu secret (so that only he can digitally sign for U) and to make PKu as public as possible (so that everyone dealing with U can verify U's digital signatures). Indeed, SKu is often referred to as U's secret key, and PKu as U's public key.
Note that, to verify that SIGu(m) really is the digital signature of user U for the message m, not only should a verifier know PKu, but he should also know that PKu really is U's public key. Thus, to ensure the smooth flow of business and communications in a world with millions of users, users' public keys are digitally certified by proper authorities to belong to their legitimate users.
At the same time, it is also necessary to revoke some previously issued certificates (e.g., because the secret key corresponding to a given certified public key has been compromised). Unfortunately, this may not be easy. Indeed, a digital certificate cannot just be “taken away”: such a certificate is, in essence, a number, and arbitrarily many copies of it may be made and illegitimately used. Current public-key infrastructures (PKIs) rely on Certificate Revocation Lists (CRLs) for handling certificate revocation. Unfortunately, CRLs are not very efficient in several scenarios.
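The following added example (not part of the original text) shows why a certificate cannot simply be taken away: a copy of it keeps verifying under the authority's key after revocation, and only the CRL lookup makes the verifier reject it. It assumes a toy textbook-RSA scheme with constructed, insecure key sizes in place of the unspecified signature scheme; all function names, the serial number and the message are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both toy keys (assumption)

def keygen(p, q):
    """Textbook RSA from two primes: returns (SK, PK) = ((n, d), (n, E))."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(sk, msg):
    n, d = sk
    return pow(_digest(msg, n), d, n)

def verify(pk, msg, sig):
    n, e = pk
    return pow(sig, e, n) == _digest(msg, n)

# Constructed toy keys built from Mersenne primes; far too small for real use.
CA_SK, CA_PK = keygen(2**127 - 1, 2**89 - 1)   # certifying authority
U_SK, U_PK = keygen(2**107 - 1, 2**61 - 1)     # user U: SKu, PKu

def cert_body(serial, user, pk):
    return f"serial={serial};user={user};n={pk[0]};e={pk[1]}".encode()

def crl_body(revoked):
    return ("revoked=" + ",".join(map(str, sorted(revoked)))).encode()

def make_crl(revoked):
    """The authority signs the list of revoked serial numbers."""
    return (frozenset(revoked), sign(CA_SK, crl_body(revoked)))

def accept(msg, sig, cert, crl):
    """Verifier: check the certificate, the signed CRL, then SIGu(m)."""
    serial, user, pk, cert_sig = cert
    revoked, crl_sig = crl
    if not verify(CA_PK, cert_body(serial, user, pk), cert_sig):
        return "bad certificate"
    if not verify(CA_PK, crl_body(revoked), crl_sig):
        return "bad CRL"
    if serial in revoked:
        return "revoked"
    return "ok" if verify(pk, msg, sig) else "bad signature"

# The authority certifies that PKu belongs to U; U signs a message m.
CERT = (1001, "U", U_PK, sign(CA_SK, cert_body(1001, "U", U_PK)))
M = b"pay 100 to V"
SIG = sign(U_SK, M)
```

Note that the verifier must fetch and check the whole signed list to learn the status of a single serial number.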